Banner grabbing – it ain’t exactly rocket science. It ain’t something the government is too much concerned about, either. In all its essence, it’s all about getting to know what lives on remote target. Be it discovered from open ports or a webpage – it’s always nice to know what we’re communicate with. Much is written about discovering CMS’s and web servers. Today I’ll give you quick intro to banner grabbing SSH. And no, the government doesn’t give a rats ass about it (clickbait o’hoy).

In all its glory you only need Telnet, but I’ll show you some different techniques.

Using Telnet

$ telnet 22
Trying ...
Connected to
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3

Using Netcat

$ nc -v 22 [] 22 (ssh) open
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3

Using Nmap

nmap -sV -p 22

Starting Nmap 6.49BETA4 ( ) at 2015-10-25 16:06 CET
Nmap scan report for (
Host is up (0.021s latency).
rDNS record for
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.3 (Ubuntu Linux; protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 4.15 seconds

Closing words

Using any of these three techniques should yield success. However, there are plenty of tools out there that will do the same job. I’ve tried some of them and found it easier to go along with what’s present on most Linux systems (or Macs).